Leakage of sensitive information in logger message

  • Rule ID: ruby_rails_logger
  • Languages: ruby
  • Source: logger.yml

Description

Sensitive information leakage in logger messages can compromise user privacy and security. This vulnerability occurs when sensitive data, such as personal identifiable information (PII), is included in log messages, making it accessible to unauthorized individuals.

Remediations

  • Do not include sensitive data in logger messages. This can lead to unintended exposure of personal or confidential information.
    Rails.logger.info('User is: #{user.email}') # unsafe
  • Do use non-sensitive, unique identifiers to reference users or other entities in log messages. This approach maintains privacy while still allowing for effective logging.
    Rails.logger.info('User is: #{user.uuid}')

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=ruby_rails_logger

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=ruby_rails_logger